Attackers Might Face Life in Prison; You Might Forfeit Some Privacy
Trading security for privacy
November 19, 2002
Have you been keeping up with the Homeland Security Act of 2002? The bill (which Congress just passed) will soon become law. According to the bill's provisions, computer attackers could face many years—or life—in prison for their activities.
When you read the bill, you'll see that if attacker activities appear to be intended to "intimidate or coerce the civilian population; to influence the policy of a government by intimidation or coercion; or to affect the conduct of a government by mass destruction [of computers and/or networks in this case]," law enforcement can deem the attacker a terrorist. According to the bill, the term "terrorism" can mean any act that's dangerous to human life "or potentially destructive of critical infrastructure or key resources; and is a violation of the criminal laws of the United States or of any State or other subdivision of the United States."
According to various news reports, lawmakers made last-minute additions to the Homeland Security Act of 2002—provisions from the Cyber Security Enhancement Act (CSEA)—that give law enforcement agencies broad powers. For example, law officers could perform wiretaps and other eavesdropping without court orders. Although Congress previously didn't pass CSEA, according to reports, legislators inserted CSEA provisions into the current Homeland Security Act in a roundabout attempt to have those provisions become law.
The Homeland Security Act also makes sweeping changes to privacy rights both on and off the Internet. Although I agree that computer attackers who intentionally and severely jeopardize infrastructures should be dealt with severely, I don't agree that our right to privacy should be stripped away in the name of the War on Terrorism—not at this stage anyway.
According to a Reuters news story, "buried deep in the 500-page bill are several provisions that could have lasting effects on computer security and Internet privacy" although the bill doesn't contain "authorization for a comprehensive data-mining effort proposed by the Pentagon that would break down long-established barriers against domestic surveillance."
http://reuters.com/newsArticle.jhtml?storyID=1752157
That data-mining effort referred to is the proposed Total Information Awareness (TIA) System project, which would fall under the Defense Advanced Research Projects Agency's Information Awareness Office (IAO). TIA would let the military collect information from both private and public sectors and pool that information into centralized databases—looking for patterns or details in an effort to track suspected "terrorists and criminals."
Many believe that implementing a program such as TIA would effectively destroy the Fourth Amendment right to privacy and gives the military (whose legal system lies outside the public criminal and civil courts) the right to snoop on everyone about everything. Anything you do that's recorded—on paper or digitally (including your individual and business Internet activities)—can be subject to scrutiny.
Retired US Navy Admiral John Poindexter, former national security adviser, heads the IAO, which would use TIA to process large amounts of information from different sources to predict and prevent terrorist attacks. According to "The Washington Post," Poindexter was fired from his Reagan-era post and subsequently convicted of lying to Congress, defrauding the government, and destroying evidence related to the Iran-Contra scandal," although the convictions were overturned on appeal.
The impact of new information-gathering methods remains to be seen; however, programs such as TIA will include technology that uses facial recognition and body movement to identify people at a distance. Could those programs push us toward technology such as the "skin chip," a digital implant about the size of a grain of rice? Such chips are already available to the public and can contain almost any kind of personal data. In theory, they could effectively be used for computer and network authentication, but they would also change ideas about privacy. To read more about these matters, visit the Electronic Privacy Information Center (EPIC) Web site.
About the Author
You May Also Like